Transaction not found

Ok sadly this means i cant validate live. So im on my old own validation. Which worked like this:

  • Extension calls a api command to get a transaction token inside onTransactionComplete
  • After this send the transaction data from twitch togehter with the created token to the API
  • API checks if the token is valid (unique, no used, creation time < 10 minutes, same HTTP_REFERER)
  • Response with the data to the extension.

Do you think this is secure enough? oh and the token can only created from the extension referer.